Wednesday, July 04, 2007

~Reprint from Techworld.com

~Article by John E. Dunn, Techworld

YouTube is again being used to distribute malware, this time a variant of the nuisance Zlob adware.

According to Secure Computing, attackers are using a fake video link on the site to initiate infection with the Trojan, which bombards its victims with porn adware, before installing data-stealing code.

What makes matters worse is that the only defence against such attacks on the popular video-hosting website is the diligence of YouTube’s security personnel, who can remove attacks as soon as they find them. However, according to Secure’s Paul Henry, this still gives the malware distributors a window of opportunity of at least hours.

“The fact is, no one expects to find malware hidden in YouTube files. Yet the medium’s popularity is highly alluring as a mass distribution vehicle for malicious code. What’s alarming is that - from a security perspective - many users and organisations will be blindsided and potentially seriously exposed,” he said. “Hackers look at cost of ownership. On YouTube it [the period of opportunity] is half a day.”

The trend to compromise legitimate websites to distribute malware was the latest frontier for criminals, with a string of well-known sites having been hacked in recent times, he said. YouTube’s allure was its massive and trusting user base, which cuts across every demographic.

Secure’s solution was for companies to invest in ‘reputation services’ such as Secure Computing’s own, TrustedSource. Equally, companies might choose just to block access to YouTube.

YouTube-related hacks are nothing new. Last November, one appeared on MySpace that posed as a video from the site, but which turned out to be a similar malware scam to the Zlob hack without actually using the site itself.

More recently, hacks hosted on the site itself have started appearing, or using the promise of a YouTube video as bait.

One researcher even claimed to have uncovered a nest of vulnerabilities on the site, none of which YouTube’s owners, Google, had been willing to discuss until he threatened to go public.

7/4/2007 10:57:04 AM (Central Daylight Time, UTC-05:00)
Sunday, June 10, 2007
I've spent 12 hours working on our spam filtering this weekend, and after examining the logs it appears we finally have it adjusted to where you should start to see minimal spam coming in. However, in adjusting the filters we've noticed that some domains we knew belonged to list servers and businesses that send you traffic on a regular basis were also being blocked. Those that we could identify we have whitelisted.
 
There are two ways to unblock these sites. The first is for you to send an email to the address of email service. The second and easiest way is to send me a list of those email addresses and I'll see to it that those domains are whitelisted. Even after whitelisting they may show up in your inbox as spam, but they will go through.
 
If they show up as spam with the "*****SPAM*****" tag attached, the original email will be attached. You can drag and drop it into the inbox of your email client and open it. This is a new feature of the updated spam filter to protect you from phishing. Phishing is a form of email that attaches to your mailbox and tries to capture either personal information on your workstation or email addresses from your address book. Some may just be a return address to let them know your email address is still good and they can send mail to you.
 
Corporate accounts should notify their employees of the changes made, so they can forward us any domains or email addresses that need to be whitelisted. The way the filters work is that if it is a legitimate email coming through that you respond to, it will automatically be added to the whitelist when you answer the email. If the email is coming from a site that is blacklisted either on the server or through one of the blacklist databases we subscribe to, it will be deleted and bounced back to the sender. The problem will have to be addressed by the sender and corrected. We will work with them to find out why it was returned. Sometimes, it can be as simple as phishing software attached to their account attaching to their email and being forwarded to you. In this case they will need to clean their computer with software designed to eliminate the problem. In other cases there may be a problem with the way their email server is sending mail that is causing them to be blacklisted. This will require them to get their email administrator involved.
 
Thank you all for your patience in this matter. We are serious defenders against SPAM.
 
~Ellen Kozel
CEO/Owner
6/10/2007 12:38:36 PM (Central Daylight Time, UTC-05:00)